Recently I needed to provide a way for multiple clients to connect to a server via FTP for a single domain without creating any actual system user accounts. The server has the Plesk control panel installed, so I thought it would be simply a case of looking through the Plesk documentation to find a feature built into the control panel to allow for this. Unfortunately, the solution is not quite that simple.
I found an article over on the Parallels knowledge base related to my problem; however, it didn’t provide a viable solution because I needed the additional FTP user accounts to be virtual, not actual system accounts that have simply been “chroot”-ed to their home directories. Eventually I stumbled upon the ProFTPD documentation (ProFTPD is the FTP software that current versions of Plesk, Version 10 at the time of writing, ship with) and thankfully found what I was looking for.
ProFTPD allows you to create multiple virtual users by using an AuthUserFile directive. The AuthUserFile directive allows you to set the path of a file containing a list of users and passwords for authentication.
Let’s get started. Log into the server’s shell via SSH and create the file that will list the virtual user accounts using the following command:
    $ touch /etc/ftpusers
Now edit the ProFTPD configuration file with your favourite text editor; here I’m using vi.
Note: Don’t edit /etc/proftpd.include as Plesk overwrites that file regularly.
    $ vi /etc/proftpd.conf
Add the following line:
    AuthUserFile /etc/ftpusers
Edit the /etc/ftpusers file and add one user record per line using the following format:
    username:password:uid:gid:gecos:home:shell
username: The FTP username, between 1 and 32 characters in length
password: The encrypted FTP password
uid: The user ID
gid: The group ID
gecos: Friendly name for this account
home: The absolute path to the directory the user will log into via FTP
shell: Just set this to /bin/false as we don’t want to allow the user access via shell
An example user record:
    johndoe:kwmcy.MD8Etlq:10001:2524:John Doe:/var/www/vhosts/example.com/httpdocs/somefolder:/bin/false
I just used the uid and gid of the main FTP user for that domain to prevent future permission problems. To find the uid and gid of an existing user you can use the id command:
    $ id usernamehere
    # uid=10001(user) gid=2524(psacln) groups=2524(psacln)
To generate a password for the /etc/ftpusers records:
    $ openssl passwd -crypt passwordhere
Then it’s just a case of restarting ProFTPD:
    $ /sbin/service xinetd restart
Job done! Virtual users should now be able to log in via FTP using the username and password you set in their record. To add new virtual users, simply add new records to the /etc/ftpusers file.
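A way to check the records before restarting, as an added example that is not part of the original post: it lints a file in the seven-field format above and also flags the 13-character DES hashes that openssl passwd -crypt produces, since DES crypt only uses the first 8 characters of a password. The function names check_ftpusers and demo, the findings reported, and all sample records except the johndoe line are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: lint an AuthUserFile whose records
# follow username:password:uid:gid:gecos:home:shell. One finding per line.
check_ftpusers() {
    # Password hashes should not be readable by every local user.
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo "file: world-readable, hashes exposed to local users"
    fi
    awk -F: '
        /^[ \t]*$/ || /^[ \t]*#/ { next }  # assumption: blank and # lines are ignored
        NF != 7 { printf "line %d: expected 7 fields, got %d\n", NR, NF; next }
        {
            if (length($1) < 1 || length($1) > 32)
                printf "line %d: username must be 1-32 characters\n", NR
            if (seen[$1]++)
                printf "line %d: duplicate username %s\n", NR, $1
            if ($2 == "")
                printf "line %d: empty password field\n", NR
            else if (length($2) == 13 && substr($2, 1, 1) != "$")
                printf "line %d: DES crypt hash, only 8 password characters count\n", NR
            if ($3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/)
                printf "line %d: uid and gid must be numeric\n", NR
            else if ($3 + 0 == 0 || $4 + 0 == 0)
                printf "line %d: uid or gid 0 maps this FTP login to root\n", NR
            if (substr($6, 1, 1) != "/")
                printf "line %d: home must be an absolute path\n", NR
            if ($7 != "/bin/false")
                printf "line %d: shell is %s, expected /bin/false\n", NR, $7
        }
    ' "$1"
}

# Constructed sample: line 1 is the record from the post, the rest are invented.
demo() {
    f=$(mktemp) && chmod 600 "$f"
    cat > "$f" <<'EOF'
johndoe:kwmcy.MD8Etlq:10001:2524:John Doe:/var/www/vhosts/example.com/httpdocs/somefolder:/bin/false
janedoe:$1$CONSTRUC$0000000000000000000000:10001:2524:Jane Doe:httpdocs/other:/bin/bash
broken:x:10001:2524:/var/www:/bin/false
rootish:$1$CONSTRUC$0000000000000000000000:0:2524:Root-ish:/var/www/vhosts/example.com:/bin/false
EOF
    check_ftpusers "$f"
    rm -f "$f"
}

demo
```

Run it against the real file with check_ftpusers /etc/ftpusers; no output means none of these checks fired.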
I hope someone else may find this information useful.